#3310 closed defect (bug) (worksforme)
Nonce Checks Failing for Private Groups
Reported by: | Iridox | Owned by: | |
---|---|---|---|
Milestone: | 1.5 | Priority: | normal |
Severity: | normal | Version: | |
Component: | Groups | Keywords: | |
Cc: |
Description
Running BuddyPress 1.2.8 on Wordpress 3.1.4
Expected behavior: Clicking an action such as Accepting a join request or promoting a member to admin status to complete successfully.
The Result: Nonce check fails and WordPress returns a "Failure Notice" with a "try again" link.
I can reproduce this on a completely fresh copy of wordpress and buddypress (same versions as above.)
When I removed the check_admin_referrer() calls in bp-groups.php expected behavior resumed, but I assume I just killed the security feature entirely.
Change History (6)
#2
@
13 years ago
Not sure if this would make a difference or not, but the test server runs on NGINX, not Apache.
#3
@
13 years ago
- Keywords changed from nonce, security to nonce security
- Severity set to normal
Are you able to switch to BuddyPress trunk and duplicate this issue in your setup?
#4
@
13 years ago
- Keywords nonce security removed
- Resolution set to worksforme
- Status changed from new to closed
These actions are working fine for me on the latest BP trunk. If you can reproduce them with BP trunk, please reopen the ticket.
I just tested promoting a group member to admin, accepting a group invitiation, on a totally clean install with those versions and it worked for me.